Crypto wallets are an essential part of the cryptocurrency ecosystem as they enable users to manage and interact with crypto assets by storing associated private keys. The private key is responsible for signing all transactions and represents absolute ownership of all associated on-chain assets. Anyone with access to the private key will have complete control over the assets, allowing them to transfer the assets to any other wallet of their choice.
In a conventional setting, each crypto wallet holds a single private key to sign transactions. These wallets are known as single signature wallets and are most suitable for individuals. Single signature wallets offer decent protection to the stored assets as long as the private key is not compromised. However, single-signature wallets aren’t suitable for managing a pool of assets with shared ownership as anyone with access to the wallet can transfer funds without needing any permission or authorization from other owners. A similar case applies to crypto platforms and other organizations managing large amounts of funds in crypto assets.
Single-signature wallets also present a single point of failure: if the private key is compromised or lost, the owners can potentially lose all the funds stored in those wallets, because there are no additional safeguards.
Multi-signature and MPC wallets present an attractive alternative to the more conventional single-signature wallets as they need multiple users to sign any transaction. By setting up a group of authorized signatories, crypto platforms and enterprise wallet users can ensure accountability and oversight of transactions. They also introduce redundancies, protecting funds from hackers and cybercriminals, as it is almost impossible for all signing credentials to be compromised at the same time.
Popularly referred to as multisig wallets, multi-signature wallets are cryptocurrency wallets that require more than one signature to execute transactions. The transaction signing authority lies among the members of the trusted group created at the time of wallet setup. In addition, the user can also specify the minimum number of signatures needed to execute any transaction. The minimum signature threshold can be lower than the total number of people in the trusted group. Each member will have their own private key, and anyone from the group can partially sign the transaction until the requisite number of signatures is fulfilled. Once the signature threshold is reached, the multisig wallet will execute the transaction.
Multisig wallets can be set up in any “m” out of “n” combination, where “m” is the signature threshold to execute transactions and “n” signifies the total number of users or private keys that are part of the trusted group. The flexibility offered by multisig wallets allows transactions to proceed even if one or more private keys are lost, as long as the rest of the members can fulfill the signature threshold set for that particular wallet. Further, multiple people signing a single transaction will ensure the accuracy and legitimacy of each transaction, effectively preventing a single person from unilaterally transferring funds out of the wallet.
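The m-of-n rule described above, sketched as an added example (not code from the original article or from any wallet product): each approval is verified against that member's registered public key, repeats and unknown signers are ignored, and the transaction is authorized only once m distinct members have signed. The Policy and Approval types, the member names, the fixed key seeds and the use of Ed25519 as the signature scheme are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Policy is an m-of-n rule: Threshold is m, len(Signers) is n.
type Policy struct {
	Threshold int
	Signers   map[string]ed25519.PublicKey // member name -> registered public key
}

type Approval struct{ Signer string; Sig []byte } // one member's signature over tx

// Authorize returns the distinct members whose signatures verify and whether m is reached.
func (p Policy) Authorize(tx []byte, approvals []Approval) ([]string, bool) {
	seen := map[string]bool{}
	var valid []string
	for _, a := range approvals {
		pub, known := p.Signers[a.Signer]
		if !known || seen[a.Signer] || !ed25519.Verify(pub, tx, a.Sig) {
			continue // unknown member, repeated approval, or signature over other bytes
		}
		seen[a.Signer] = true
		valid = append(valid, a.Signer)
	}
	return valid, len(valid) >= p.Threshold
}

// newGroup builds a constructed 2-of-3 group from fixed seeds (sample data, not real keys).
func newGroup() (Policy, map[string]ed25519.PrivateKey) {
	p := Policy{Threshold: 2, Signers: map[string]ed25519.PublicKey{}}
	keys := map[string]ed25519.PrivateKey{}
	for i, name := range []string{"alice", "bob", "carol"} {
		seed := [ed25519.SeedSize]byte{byte(i + 1)}
		priv := ed25519.NewKeyFromSeed(seed[:])
		keys[name], p.Signers[name] = priv, priv.Public().(ed25519.PublicKey)
	}
	return p, keys
}

func main() {
	p, keys := newGroup()
	tx := []byte("constructed tx: 5 units to addr-placeholder")
	a := Approval{"alice", ed25519.Sign(keys["alice"], tx)}
	c := Approval{"carol", ed25519.Sign(keys["carol"], tx)}
	fmt.Println(p.Authorize(tx, []Approval{a, a, c})) // the repeated approval counts once
}
```

The list of names returned alongside the decision is the per-key record of who approved the transaction.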
Multi-Party Computation (MPC) Wallets
Like multisig wallets, Multi-Party Computation wallets, or MPC wallets, make use of cryptographic data from multiple devices to sign and execute transactions. However, instead of using multiple private keys like their counterpart, MPC wallets split a single private key into smaller parts using algorithms. These individual fractions of the private key are generated on the devices that are a part of the MPC setup. Using computation, these individual parts across various devices form the whole private key, allowing the creation of the digital signature needed to execute the transaction. MPC enables the signing of transactions while keeping each member’s key share a secret, never to be revealed to another member of the group. A quite popular and useful feature of these wallets is that they generate dynamic private keys for every transaction, making them highly secure.
Even in the case of MPC wallets, more than one person will be involved throughout the transaction initiation and execution process for accountability and oversight purposes. However, unlike multisig wallets, MPC wallets are mostly based on proprietary software and dependent on third-party support for setup and maintenance as the need arises.
Multisig and MPC Wallets in An Enterprise Setting
Crypto platforms implement a combination of wallets as part of their enterprise wallet infrastructure to secure their assets. They generally use cold wallets for storing the bulk of their assets, hot wallets for storing just the right amount of assets needed to meet the liquidity demand, and warm wallets for easing the transaction process between the cold and hot wallets due to the sheer volume. Implementing multisig and MPC wallets as part of the wallet infrastructure makes a lot of sense as they contribute toward enhanced operational security. However, their implementation in the enterprise wallet infrastructure must be considered carefully to prevent needless issues.
Multisig and MPC Wallets Have Limited Roles in Enterprise Hot Wallet Infrastructure
Hot wallets are considered the most vulnerable link in the enterprise wallet infrastructure, making it necessary to augment their security by using the most suitable setup that strikes a balance between quick transaction processing abilities and security. Using a multisig wallet to effect withdrawal requests or sweep in funds from a deposit wallet to a cold wallet may be overkill that requires more human intervention than necessary. As a result, multisig wallet setups are more appropriate when it comes to refilling hot wallets from warm or cold wallets, whereas MPC wallets are ideal for automated functions like sweeping funds from deposit wallets to cold or warm wallets.
A hot wallet supporting withdrawals exists to provide instant liquidity to its users, something that would not be possible if these wallets were secured with multiple keys. It would take a considerable period for all members of the party to sign transactions, thereby defeating the purpose of a hot wallet’s existence in the infrastructure. However, a multisig setup would be ideal for cold storage purposes.
Why MPC Wallet Setup Shouldn’t Be Used with Enterprise Cold Wallets!
MPC wallets are secure; there is no doubt about that. But in an enterprise setting, especially when it comes to managing large amounts of funds, the need for accountability and redundancy is very important. While transactions from MPC wallets require multiple signatures, each signifying a portion of the single private key, there is no way to track the ownership of each key used in a transaction. In an “m” out of “n” setting where “m” signatures out of total “n” signatures are needed to execute a transaction, anyone can sign the transaction without others ever knowing who signed it. It opens the doors for collusion between multiple signatories, leaving funds vulnerable to insider fraud or mismanagement. Further, the lack of transparency surrounding the encryption standards and implementation of MPC wallets due to their proprietary nature and lack of HSM compatibility restricts the extent to which the security can be enhanced.
Each MPC wallet setup is generally specific to individual crypto assets either due to lack of compatibility or technical advancements. As a result, crypto platforms supporting multiple crypto assets will have to operate multiple instances of MPC wallets, which will be resource and cost intensive as compared to HSM-secured conventional multisig wallet setups. Even when it comes to withdrawal wallets, using MPC or even multisig wallets with more than 2 signatures ends up disrupting a smooth user experience, especially where a large number of user transactions are involved.
Find the Right Fit with Liminal
Liminal’s crypto asset custody and management solutions leverage the advantages offered by HSM-based multisig and MPC wallets to provide optimal security without impacting operability. The Smart Cold Wallet solution uses HSM-secured multisig wallets as the foundation with additional security features, including whitelisted addresses and third-party signing with an HSM-based Liminal Signer. With this approach, the platform takes complete advantage of protocol-level support, open-source, and low-cost infrastructure implementation offered by multisig wallets. It reduces dependencies on third-party vendors, allowing crypto platforms to always maintain complete control over their assets and processes. Meanwhile, the MPC wallet infrastructure is extensively used by Liminal to secure hot wallets, enabling automation of withdrawals and transfer of funds from deposit wallets to more secure warm wallets or cold wallets for safe custody.
Liminal’s offerings work seamlessly with third-party wallet infrastructure as well as its own suite of wallet infrastructure products like automated Smart Wallet Refills to provide end-to-end wallet management solutions.
Original Content Published On Medium